Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-4727— Ca: token authentication bypass vulnerability

CVSS 7.5 · High EPSS 0.05% · P15
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-4727

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Ca: token authentication bypass vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用基本弱点进行的认证绕过
Source: NVD (National Vulnerability Database)
Vulnerability Title
Dogtag PKI 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Dogtag PKI是Dogtag开源的一个企业级的开源证书颁发机构 (CA)。 Dogtag PKI存在安全漏洞,该漏洞源于 dogtag-pki 和 pki-core 中存在安全漏洞,可以通过 LDAP 注入来绕过令牌身份验证方案,攻击者利用该漏洞可以使用保存在 LDAP 目录服务器中的现有会话进行身份验证,导致权限提升。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Red HatRed Hat Certificate System 10.4 EUS for RHEL-8 8060020240529205458.07fb4edf ~ * cpe:/a:redhat:certificate_system_eus:10.4::el8
Red HatRed Hat Enterprise Linux 7 0:10.5.18-32.el7_9 ~ * cpe:/o:redhat:enterprise_linux:7::workstation
Red HatRed Hat Enterprise Linux 8 8100020240614102443.82f485b7 ~ * cpe:/a:redhat:enterprise_linux:8::appstream
Red HatRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support 8040020240329193548.17df0a3f ~ * cpe:/a:redhat:rhel_e4s:8.4::appstream
Red HatRed Hat Enterprise Linux 8.4 Telecommunications Update Service 8040020240329193548.17df0a3f ~ * cpe:/a:redhat:rhel_e4s:8.4::appstream
Red HatRed Hat Enterprise Linux 8.4 Update Services for SAP Solutions 8040020240329193548.17df0a3f ~ * cpe:/a:redhat:rhel_e4s:8.4::appstream
Red HatRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support 8060020240329182634.60523a7b ~ * cpe:/a:redhat:rhel_tus:8.6::appstream
Red HatRed Hat Enterprise Linux 8.6 Telecommunications Update Service 8060020240329182634.60523a7b ~ * cpe:/a:redhat:rhel_tus:8.6::appstream
Red HatRed Hat Enterprise Linux 8.6 Update Services for SAP Solutions 8060020240329182634.60523a7b ~ * cpe:/a:redhat:rhel_tus:8.6::appstream
Red HatRed Hat Enterprise Linux 8.8 Extended Update Support 8080020240329143735.693a3987 ~ * cpe:/a:redhat:rhel_eus:8.8::appstream
Red HatRed Hat Enterprise Linux 9 0:11.5.0-2.el9_4 ~ * cpe:/a:redhat:enterprise_linux:9::appstream
Red HatRed Hat Enterprise Linux 9.0 Update Services for SAP Solutions 0:11.0.6-3.el9_0 ~ * cpe:/a:redhat:rhel_e4s:9.0::appstream
Red HatRed Hat Enterprise Linux 9.2 Extended Update Support 0:11.3.0-2.el9_2 ~ * cpe:/a:redhat:rhel_eus:9.2::appstream
Red HatRed Hat Enterprise Linux 6-cpe:/o:redhat:enterprise_linux:6

II. Public POCs for CVE-2023-4727

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-4727

登录查看更多情报信息。

IV. Related Vulnerabilities

Same weakness: CWE-305

V. Comments for CVE-2023-4727

No comments yet

Leave a comment